CN104361489B - Tokenization system and method for sensitive information - Google Patents

Tokenization system and method for sensitive information

Info

Publication number
CN104361489B
Authority
CN
China
Prior art keywords
platform
transaction
information
encryption
sensitive information
Prior art date
Legal status
Active
Application number
CN201410609081.5A
Other languages
Chinese (zh)
Other versions
CN104361489A (en)
Inventor
谈剑锋
梅庆
杨党团
钱金金
Current Assignee
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201410609081.5A
Publication of CN104361489A
Application granted
Publication of CN104361489B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP], involving a payment switch or gateway
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof, insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof, insuring higher security of transaction, combining multiple encryption tools for a transaction
    • G06Q20/3829 Payment protocols; Details thereof, insuring higher security of transaction, involving key management

Abstract

The present invention relates to the field of information security, and in particular to a tokenization system and method for sensitive information, including: a transaction platform, for obtaining the sensitive information and for forming and sending a transaction request; a gateway, connected with the transaction platform, providing the transaction platform with an access port to the payment platform; a payment platform, connected with the gateway, for carrying out the payment of the transaction request; a key management platform, connected with the payment platform, for managing and distributing the key information of the transaction platform; a first FPE encryption device, connected with the gateway, for tokenizing the sensitive information in the transaction request; and a second FPE encryption device, connected with the key management platform, for decrypting the tokenized sensitive information. Taking the key management platform as the centre, the present invention distributes keys to each transaction platform and encrypts the sensitive information with FPE, which guarantees that the data length of the sensitive information does not change during transmission while ensuring its security.

Description

Tokenization system and method for sensitive information
Technical field
The present invention relates to the field of information security, and in particular to a tokenization system and method for sensitive information.
Background technology
With the rapid development of computer and network technology, the security of database information has become an increasingly serious problem; the large-scale leaks of sensitive information that occurred on the Chinese Internet at the end of 2011 are one example. The root cause is that much of this information is stored in plaintext, which poses a great potential security hazard.
At present in particular, online payment has become widespread as the basis of e-commerce; the common use of electronic payment has driven the fast development of e-commerce, but has also brought the problem of leakage of personal sensitive information, especially bank card information, throughout the payment process.
In practical applications it is very necessary to encrypt sensitive data such as credit card numbers and identity card numbers, but a conventional block cipher generally expands the data and changes its length and type, so the database structure or the application has to be modified to accommodate these changes, at very high cost. In addition, the traditional tokenization method is centred on a password manager, which requires establishing a centralised password server, deploying it in a concentrated manner and purchasing the relevant equipment, at substantial cost.
Summary of the invention
To address the problem that a conventional block cipher expands the data and changes its length and type, the present invention takes the key management platform as the centre and distributes keys to each transaction platform, while the sensitive information is encrypted with FPE, which guarantees that the data length of the sensitive information does not change during transmission while ensuring its security.
The tokenization system and method for sensitive information provided by the invention adopt the following technical scheme:
A tokenization system for sensitive information, including:
a transaction platform, a gateway, a payment platform, a key management platform, a first FPE (Format Preserving Encryption) encryption device and a second FPE encryption device, wherein
the transaction platform is used to obtain the sensitive information and to form and send a transaction request;
the gateway is connected with the transaction platform and provides the transaction platform with an access port to the payment platform;
the payment platform is connected with the gateway and carries out the payment of the transaction request;
the key management platform is connected with the payment platform and manages and distributes the key information of the transaction platform;
the first FPE encryption device is connected with the gateway and tokenizes the sensitive information in the transaction request;
the second FPE encryption device is connected with the key management platform and decrypts the tokenized sensitive information.
Format-preserving encryption is a type of symmetric encryption which requires the ciphertext to have the same format as the plaintext. Format-preserving encryption of sensitive information in a database must guarantee that the ciphertext satisfies the database's constraints on data format, mainly: the data must not be expanded, i.e. when an N-digit number is encrypted, another N-digit number must be output; the data type must not be changed; the encryption must be deterministic, so that data serving as a primary key or index field in the database keeps, after encryption, the properties of the column in which it is a primary key or index; and the encryption process must be reversible.
Preferably, the gateway is the payment gateway of the transaction platform or the online gateway of the payment platform.
A gateway is also known as an inter-network connector or protocol converter. Gateways implement network interconnection above the network layer and are the most complex network interconnection devices; they are used only to interconnect two networks whose upper-layer protocols differ. A gateway can be used for wide-area network interconnection as well as for local-area network interconnection. A gateway is a computer system or device that performs the task of conversion: between two systems using different communication protocols, data formats or languages, or even entirely different architectures, the gateway acts as a translator. Unlike a bridge, which simply relays information, a gateway repackages the received information to suit the needs of the destination system.
A gateway is essentially the IP address through which one network reaches other networks. For example, suppose network A has the IP address range 192.168.1.1 to 192.168.1.254 with subnet mask 255.255.255.0, and network B has the IP address range 192.168.2.1 to 192.168.2.254 with subnet mask 255.255.255.0. Without a router, TCP/IP communication between the two networks is impossible; even if both networks are connected to the same switch (or hub), TCP/IP determines from the subnet mask (255.255.255.0) that the hosts of the two networks are in different networks. For the two networks to communicate, traffic must pass through the gateway. If a host in network A detects that the destination host of a packet is not in the local network, it forwards the packet to its own gateway, which forwards it to the gateway of network B, and the gateway of network B relays it to a host in network B (the process by which network A forwards a packet to network B, as shown in the drawings).
Therefore, only when the IP address of the gateway is set can TCP/IP achieve communication between different networks. Which machine's IP address is this? The gateway's IP address is the IP address of a device with a routing function; devices with a routing function include routers, servers with a routing protocol enabled (essentially equivalent to a router) and proxy servers (also equivalent to a router).
In the context of interoperation with Novell NetWare networks, the gateway acts as a bridge between the Server Message Block (SMB) protocol used in Windows networking and the NetWare Core Protocol (NCP) used by NetWare networks. A gateway is also referred to as an IP router.
Preferably, the sensitive information includes information that uniquely identifies the user, and the payment card number.
A tokenization method for sensitive information, applied to the above tokenization system for sensitive information, characterised in that it includes the following steps:
S1 the transaction platform obtains the sensitive information, forms the transaction request and sends it;
S2 the gateway receives the transaction request and sends the transaction request to the first FPE encryption device;
S3 the first FPE encryption device tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4 the payment platform obtains the new transaction request and sends the request to the key management platform;
S5 the key management platform sends the new transaction request to the second FPE encryption device for decryption;
S6 the decrypted information is sent to the payment platform, which carries out the transaction of the transaction request.
Preferably, before a transaction of the transaction platform is carried out, the transaction platform registers in the tokenization system and obtains the encryption key and initialization vector sent by the key management platform, completing the registration of the transaction platform; the initialization vector, the decryption key, the FPE encryption key and the data format are stored in the first FPE encryption device; and the ciphertext of the sensitive information associated with the transaction platform's registration information, the initialization vector and the data format are stored in the key management platform.
Specifically, communication between the transaction platform and the first FPE encryption device passes over the public network, so asymmetric encryption is adopted: the transaction request is encrypted in the transaction platform with a public key, i.e. the above encryption key, which is generated when the transaction platform registers; it is then decrypted in the first FPE encryption device with the transaction platform's private key, i.e. the decryption key in the first FPE encryption device, and the decrypted information is encrypted again with the tokenization algorithm FPE using the FPE encryption key.
Preferably, step S1 specifically includes:
S11 the transaction platform obtains transaction information including the sensitive information and forms the transaction request;
S12 the transaction platform encrypts the transaction request with the encryption key to generate encrypted information;
S13 the transaction platform sends out the encrypted information.
Preferably, the transaction request includes the sensitive information and the transaction platform's registration information.
Preferably, step S3 specifically includes:
S31 the first FPE encryption device receives the encrypted information;
S32 the first FPE encryption device decrypts the encrypted information using the decryption key and the initialization vector, obtaining the sensitive information;
S33 the first FPE encryption device tokenizes the sensitive information using the initialization vector, the FPE encryption key and the data format, forming a ciphertext, and forms a new transaction request;
S34 the first FPE encryption device sends the transaction request.
Preferably, step S5 specifically includes:
S51 the key management platform obtains, according to the received ciphertext information, the initialization vector and data format associated with the ciphertext and the ciphertext information stored in the key management platform;
S52 the key management platform compares the received ciphertext information with the stored ciphertext information to confirm the ciphertext information;
S53 if the comparison succeeds, the key management platform sends the initialization vector and the data format together with the received ciphertext to the second FPE encryption device;
S53 the second FPE encryption device decrypts the ciphertext to obtain the sensitive information;
S54 the second FPE encryption device sends the sensitive information to the payment platform, which carries out the payment of the transaction request.
The tokenization system and method for sensitive information provided by the invention have the following advantages:
1. In the tokenization system for sensitive information of the present invention, the sensitive information is encrypted with FPE, which guarantees that the data length of the sensitive information does not change during the whole communication process while ensuring its security; moreover, in the present invention the sensitive information can be encrypted given only the encryption key and the initialization vector, generating ciphertext information that uniquely corresponds to the transaction platform;
2. The present invention is centred on the key management platform, which distributes keys to each transaction platform, and each transaction platform has its sensitive information encrypted with FPE, achieving a distributed deployment of the system; compared with a traditional system, fewer changes are required while a lower cost is achieved.
Brief description of the drawings
The present invention is described in further detail below with reference to the drawings and the detailed description:
Fig. 1 is a schematic structural diagram of the tokenization system for sensitive information of the present invention;
Fig. 2 is a schematic flow diagram of the tokenization method for sensitive information of the present invention.
Embodiments
To explain the embodiments of the present invention or the technical scheme of the prior art more clearly, the present invention is described specifically below with reference to the drawings and embodiments. The drawings in the following description are only some embodiments of the present invention; for those of ordinary skill in the art, other drawings can be obtained from these drawings without creative effort.
As shown in Fig. 1, the invention provides a tokenization system for sensitive information, which specifically includes: a transaction platform, a gateway, a payment platform, a key management platform, a first FPE encryption device and a second FPE encryption device.
Specifically, the transaction platform obtains the sensitive information, forms the transaction request and sends it. In practical applications the transaction platform includes e-commerce platforms such as JD.com (Jingdong), Taobao and Suning. Before trading in the system of the present invention, the transaction platform registers in the key management platform; the registration information includes the company name, organisation code, legal person certificate, contact details and so on. The key management platform then allocates an encryption key and an initialization vector to the transaction platform, and stores the transaction platform information in association with the initialization vector in the key management platform. Further, the encryption key in the transaction platform can be replaced periodically if the transaction platform requests it. In particular, the present invention does not limit the specific form of the transaction platform or of the transaction platform's registration information; any form that achieves the purpose of the invention is included in the present disclosure.
Further, to ensure the security of the information during transmission, during the registration of the transaction platform the key management platform may also distribute the certificate used by the corresponding security control when encrypting data. In particular, communication between the transaction platform and the first FPE encryption device passes over the public network, so asymmetric encryption is adopted: a public key and a private key are generated when the transaction platform registers in the key management platform, the public key being used to encrypt the transaction request in the transaction platform and packaged into the security control, while the private key is stored in the first FPE encryption device for decryption.
The gateway is connected with the transaction platform and provides the transaction platform with an access port to the payment platform. Further, in the present invention the gateway is the payment gateway of the transaction platform or the online gateway of the payment platform; that is, the system provided by the invention includes two payment routes, and the user may connect to the payment platform through the payment gateway of the transaction platform or through the online gateway of the payment platform. Specifically, the online gateway of the payment platform includes UnionPay or a bank's own payment gateway, and the payment gateway of the transaction platform can be, for example, Alipay.
The payment platform is connected with the gateway and carries out the payment of the transaction request, i.e. the clearing of the transaction request. Specifically, the payment platform in the present invention includes a bank's clearing system, which receives the transaction request sent by the transaction platform and performs clearing using information such as the transaction amount and the transaction card number.
The key management platform is connected with the payment platform and manages and distributes the key information of the transaction platform. In practical applications, besides being responsible for distributing key information, it also maintains the keys and stores the encryption key, the ciphertext of the sensitive information, the initialization vector, the certificate and other information associated with the transaction platform's registration information. In particular, in the present invention the key distributed by the key management platform to each transaction platform is a random number generated by hardware such as an encryption device; of course, the present invention does not limit how the FPE encryption key is generated, and any form that achieves the purpose of the invention is included in the present disclosure.
The first FPE encryption device is connected with the gateway and tokenizes the sensitive information in the transaction request. In practice, before use, i.e. during the initialization of the system, the encryption device must be configured: this includes storing the certificate distributed to the merchant by the key management platform, importing the transaction platform's decryption key (i.e. the private key), and storing the FPE encryption key, initialization vector and data format used to encrypt the sensitive information. In particular, the FPE encryption key referred to here is a secure random number generated by the encryption device; of course, the present invention does not limit how the FPE encryption key is generated, and any form that achieves the purpose of the invention is included in the present disclosure.
Further, the above sensitive information includes information that uniquely identifies the user, payment card numbers and the like, such as an SSN (Social Security Number).
The present invention also provides a tokenization method for sensitive information, applied to the above tokenization system for sensitive information, which includes the following steps:
S1 the transaction platform obtains the sensitive information, forms the transaction request and sends it;
S2 the gateway receives the transaction request and sends the transaction request to the first FPE encryption device;
S3 the first FPE encryption device tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4 the payment platform obtains the new transaction request and sends the request to the key management platform;
S5 the key management platform sends the new transaction request to the second FPE encryption device for decryption;
S6 the decrypted information is sent to the payment platform, which carries out the transaction of the transaction request.
Specifically, before a transaction of the transaction platform is carried out, the transaction platform registers in the tokenization system and obtains the encryption key and initialization vector sent by the key management platform, completing its registration; the initialization vector, the decryption key, the FPE encryption key and the data format are stored in the first FPE encryption device; and the ciphertext of the sensitive information associated with the transaction platform's registration information, the initialization vector and the data format are stored in the key management platform.
Further, in step S1, the transaction platform obtaining the sensitive information and forming and sending the transaction request specifically includes:
S11 The transaction platform obtains transaction information including the sensitive information and forms the transaction request. In particular, the sensitive information referred to here includes the card number, identity card information and the like used in the transaction process; the transaction request includes the sensitive information and the transaction platform's registration information, i.e. besides the sensitive information the transaction request also contains the transaction platform's organisation information and so on.
S12 The transaction platform encrypts the transaction request with the encryption key to generate the encrypted information. In particular, to further ensure the security of the information during transmission, the present invention also encrypts the data using a corresponding security control and certificate; the security control described in the present invention includes a browser security control such as an OCX control installed in IE.
S13 The transaction platform sends out the encrypted information.
Further, in step S3, the first FPE encryption device tokenizing the sensitive information in the transaction request and forming the new transaction request specifically includes:
S31 The first FPE encryption device receives the encrypted information;
S32 The first FPE encryption device decrypts the encrypted information using the decryption key and the initialization vector, obtaining the sensitive information. In particular, if the data were encrypted in the transaction platform using the security control and certificate, the first FPE encryption device decrypts them using the corresponding certificate stored inside it.
S33 The first FPE encryption device tokenizes the sensitive information using the initialization vector, the FPE encryption key and the data format, forming the ciphertext, and forms the new transaction request. Specifically, in general the sensitive information is encrypted in its middle part, while the leading digits and the trailing 4 digits are retained as they are; for example, if the SSN is 7412345678900000, the ciphertext after FPE encryption is 7412342335260000. The encrypted information is then sent to the second FPE encryption device for decryption.
S34 The first FPE encryption device sends the transaction request.
Further, in step S5, the key management platform sending the new transaction request to the second FPE encryption device for decryption specifically includes:
S51 The key management platform obtains, according to the received ciphertext information, the initialization vector and data format associated with the ciphertext and the ciphertext information stored in the key management platform. Specifically, after receiving the ciphertext the key management platform looks it up in the internally stored association table and finds the other associated information; if it is not found, this indicates that the ciphertext was tampered with during transmission, and the transaction is terminated.
S52 The key management platform compares the received ciphertext information with the stored ciphertext information to confirm the ciphertext information;
S53 If the comparison succeeds, the key management platform sends the initialization vector and data format together with the received ciphertext to the second FPE encryption device; if the comparison fails, the transaction is terminated.
S53 The second FPE encryption device decrypts the ciphertext to obtain the sensitive information;
S54 The second FPE encryption device sends the sensitive information to the payment platform, which carries out the payment of the transaction request. The clearing system in the payment platform clears according to the decrypted sensitive information, such as the card number and the amount. After clearing ends, the clearing result is sent to the transaction platform for confirmation by the user.
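As an added illustration (not the patentee's code) of the FPE requirements set out in the summary and of the S51-S53 lookup-and-compare flow just described, the following Python models the first FPE device, the key management platform and the second FPE device. An alternating Feistel network over decimal digits with HMAC-SHA256 as the round function stands in for the FPE algorithm (it is not NIST FF1/FF3 and serves only to show the format-preserving properties); the head-6/tail-4 "data format" is an assumption read off the SSN example, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ROUNDS = 10  # even, so each half ends in its starting position


def _prf(key: bytes, iv: bytes, rnd: int, half: str, width: int) -> int:
    """Keyed round function: HMAC(key, IV || round || half) reduced mod 10**width.
    The IV is the per-merchant tweak issued by the key management platform."""
    mac = hmac.new(key, iv + bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width


def _split(digits: str):
    if len(digits) < 2 or not digits.isdigit():
        raise ValueError("FPE input must be a decimal string of at least 2 digits")
    u = len(digits) // 2
    return u, len(digits) - u, digits[:u], digits[u:]


def fpe_encrypt(key: bytes, iv: bytes, digits: str) -> str:
    """n digits in, n digits out: same length, same type, deterministic for a
    given key/IV, and reversible, i.e. the four FPE requirements in the text."""
    u, v, a, b = _split(digits)
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v  # width of the half rewritten this round
        c = (int(a) + _prf(key, iv, i, b, m)) % 10 ** m
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, iv: bytes, digits: str) -> str:
    """Inverse of fpe_encrypt: the same rounds run backwards with subtraction."""
    u, v, a, b = _split(digits)
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _prf(key, iv, i, a, m)) % 10 ** m
        a, b = str(c).zfill(m), a
    return a + b


def tokenize(key: bytes, iv: bytes, fmt: tuple, value: str) -> str:
    """First FPE device (S33): keep fmt[0] leading and fmt[1] trailing digits
    and FPE-encrypt the middle, so the token keeps the original length/shape."""
    head, tail = fmt
    if not value.isdigit() or len(value) - head - tail < 2:
        raise ValueError("value must be all digits with at least 2 middle digits")
    mid = value[head:len(value) - tail]
    return value[:head] + fpe_encrypt(key, iv, mid) + value[len(value) - tail:]


def detokenize(key: bytes, iv: bytes, fmt: tuple, token: str) -> str:
    """Second FPE device: recover the sensitive information from the token."""
    head, tail = fmt
    mid = token[head:len(token) - tail]
    return token[:head] + fpe_decrypt(key, iv, mid) + token[len(token) - tail:]


class KeyManagementPlatform:
    """Constructed model: issues FPE key, IV and data format to each transaction
    platform at registration and keeps the ciphertext association table that
    steps S51-S53 consult before anything is decrypted."""

    def __init__(self):
        self.merchants = {}  # merchant_id -> (fpe_key, iv, fmt)
        self.assoc = {}      # stored ciphertext -> merchant_id

    def register(self, merchant_id: str, fmt=(6, 4)):
        # The patent draws these from hardware (an encryption device); secrets stands in.
        key, iv = secrets.token_bytes(32), secrets.token_bytes(16)
        self.merchants[merchant_id] = (key, iv, fmt)
        return key, iv, fmt

    def store_ciphertext(self, merchant_id: str, ciphertext: str):
        """Assumption: the issued token is recorded against the registration."""
        self.assoc[ciphertext] = merchant_id

    def settle(self, ciphertext: str):
        """S51 look up IV/format by ciphertext; S52/S53 compare with the stored
        one. Unknown ciphertext = tampered in transit: terminate (None).
        Otherwise the second FPE device decrypts for the payment platform."""
        merchant_id = self.assoc.get(ciphertext)
        if merchant_id is None:
            return None
        key, iv, fmt = self.merchants[merchant_id]
        return detokenize(key, iv, fmt, ciphertext)


def run_flow(card_number: str = "7412345678900000"):
    """Register, tokenize at the first device, then settle the genuine token and
    one altered in transit. Returns (token, recovered plaintext, rejected)."""
    kmp = KeyManagementPlatform()
    key, iv, fmt = kmp.register("merchant-A")
    token = tokenize(key, iv, fmt, card_number)
    kmp.store_ciphertext("merchant-A", token)
    altered = token[:8] + str((int(token[8]) + 1) % 10) + token[9:]
    return token, kmp.settle(token), kmp.settle(altered)
```

Because the stand-in cipher is keyed per merchant and tweaked by the IV, the same card number yields a different token at each transaction platform, which is the "ciphertext uniquely corresponds to the transaction platform" property claimed in the advantages.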
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall be included in the scope of protection.

Claims (5)

  1. A tokenization system for sensitive information, characterised in that it includes:
    a transaction platform, a gateway, a payment platform, a key management platform, a first FPE encryption device and a second FPE encryption device, wherein
    the transaction platform is used to obtain the sensitive information and to form and send a transaction request; the transaction request includes the sensitive information and the transaction platform's registration information; the transaction platform encrypts the transaction request with an encryption key to generate encrypted information and sends the encrypted information out;
    the gateway is connected with the transaction platform and provides the transaction platform with an access port to the payment platform;
    the payment platform is connected with the gateway and carries out the payment of the transaction request;
    the key management platform is connected with the payment platform and manages and distributes the key information of the transaction platform; it obtains, according to the received ciphertext information, the initialization vector and data format associated with the ciphertext and the ciphertext information stored in the key management platform; it compares the received ciphertext information with the stored ciphertext information; and if the comparison succeeds, the key management platform sends the initialization vector and data format together with the received ciphertext to the second FPE encryption device;
    the first FPE encryption device is connected with the gateway and tokenizes the sensitive information in the transaction request; it decrypts the encrypted information using the decryption key and the initialization vector to obtain the sensitive information; it tokenizes the sensitive information using the initialization vector, the FPE encryption key and the data format to form a ciphertext, and forms a new transaction request; and it sends the new transaction request out;
    the second FPE encryption device is connected with the key management platform and decrypts the tokenized sensitive information.
  2. The tokenization system for sensitive information of claim 1, characterised in that the gateway is the payment gateway of the transaction platform or the online gateway of the payment platform.
  3. The tokenization system for sensitive information of claim 1, characterised in that the sensitive information includes information that uniquely identifies the user, and a payment card number.
  4. A tokenization method for sensitive information, applied to the tokenization system for sensitive information of any one of claims 1 to 3, characterised in that it includes the following steps:
    S1: the transaction platform obtains the sensitive information and forms and sends the transaction request;
    S2: the gateway receives the transaction request and forwards it to the first FPE encryption machine;
    S3: the first FPE encryption machine tokenizes the sensitive information in the transaction request, forming a new transaction request;
    S4: the payment platform obtains the new transaction request and forwards the request to the key management platform;
    S5: the key management platform sends the new transaction request to the second FPE encryption machine, which decrypts it;
    S6: the decrypted information is sent to the payment platform, which carries out the transaction of the transaction request;
    Step S1 specifically includes: S11: the transaction platform obtains transaction information that includes the sensitive information and forms the transaction request;
    S12: the transaction platform encrypts the transaction request with the encryption key to produce the encryption information;
    S13: the transaction platform sends out the encryption information;
    Step S3 specifically includes: S31: the first FPE encryption machine receives the encryption information;
    S32: the first FPE encryption machine decrypts the encryption information using the decryption key and the initial vector, obtaining the sensitive information;
    S33: the first FPE encryption machine tokenizes the sensitive information using the initial vector, the FPE encryption key and the data format, forming a ciphertext, and at the same time forms the new transaction request;
    S34: the first FPE encryption machine sends the transaction request;
    Step S5 specifically includes: S51: from the received ciphertext information, the key management platform obtains the initial vector and data format associated with that ciphertext, together with the ciphertext information stored in the key management platform;
    S52: the key management platform compares the received ciphertext information with the stored ciphertext information, confirming the ciphertext information;
    S53: if the comparison succeeds, the key management platform sends the initial vector and the data format, together with the received ciphertext, to the second FPE encryption machine;
    S53: the second FPE encryption machine decrypts the ciphertext and obtains the sensitive information;
    S54: the second FPE encryption machine sends the sensitive information to the payment platform, completing the payment for the transaction request.
  5. The tokenization method for sensitive information of claim 4, characterized in that:
    Before the transaction platform's transactions are carried out, the transaction platform registers in the tokenization system and obtains the encryption key and initial vector sent by the key management platform, completing the registration of the transaction platform; the key management platform stores the ciphertext of the sensitive information associated with the transaction platform's registration information, the initial vector and the data format; and the first FPE encryption machine stores the initial vector, decryption key, FPE encryption key and data format used in steps S31 to S34.
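The following is an added worked example of the flow in claims 1 and 4; it is not code from the patent or its assignee. It models the first FPE encryption machine replacing a card number by a same-length, all-digit token (step S33), the key management platform recording the ciphertext with its initial vector and data format and confirming a received ciphertext before releasing them (steps S51 to S53), and the second FPE encryption machine recovering the card number (steps S5 and S54). The format-preserving cipher is a deliberately simplified HMAC-SHA256 Feistel network over decimal strings, not NIST FF1/FF3 and not the patent's algorithm; the transport encryption between transaction platform and first machine (S12/S32) is omitted; the class and function names, the field names and the sample request are all assumptions.

```python
"""Toy model of the claimed tokenization flow (added example, not the patent's code).
The FPE below is a simplified HMAC-SHA256 Feistel network over decimal strings,
NOT NIST FF1/FF3. Transport encryption (steps S12/S32) is omitted, and the key
management platform object also stands in for key distribution to both machines."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ROUNDS = 10  # even, so the two halves return to their original positions


def _round_fn(key: bytes, tweak: bytes, rnd: int, other: str, out_len: int) -> int:
    """Keyed hash of (tweak = 'initial vector', round number, other half), reduced mod 10^out_len."""
    msg = tweak + bytes([rnd]) + other.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** out_len)


def fpe_encrypt(key: bytes, tweak: bytes, digits: str) -> str:
    """Map a decimal string to a decimal string of the same length (the token)."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("input must be a decimal string of at least two digits")
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v            # length of the half being replaced
        c = (int(a) + _round_fn(key, tweak, i, b, m)) % (10 ** m)
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, tweak: bytes, digits: str) -> str:
    """Inverse of fpe_encrypt: run the Feistel rounds backwards."""
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_fn(key, tweak, i, a, m)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b


@dataclass
class KeyManagementPlatform:
    """Registers transaction platforms and keeps (ciphertext, initial vector, data format) records."""
    fpe_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    tweaks: dict = field(default_factory=dict)    # registration info -> initial vector
    records: dict = field(default_factory=dict)   # token -> (initial vector, data format)

    def register(self, platform_id: str) -> bytes:
        """Registration (claim 5): issue the per-platform initial vector."""
        self.tweaks[platform_id] = secrets.token_bytes(16)
        return self.tweaks[platform_id]

    def store(self, token: str, tweak: bytes, fmt: dict) -> None:
        self.records[token] = (tweak, fmt)

    def confirm(self, token: str):
        """Steps S51-S53: release (initial vector, format) only for a ciphertext that was stored."""
        return self.records.get(token)


def first_fpe_machine(kmp: KeyManagementPlatform, request: dict) -> dict:
    """Step S33: replace the card number by a same-format token and record it with the KMP."""
    tweak = kmp.tweaks[request["platform_id"]]
    pan = request["card_number"]
    fmt = {"length": len(pan), "alphabet": "digits"}
    token = fpe_encrypt(kmp.fpe_key, tweak, pan)
    kmp.store(token, tweak, fmt)
    return {**request, "card_number": token}          # the new transaction request


def second_fpe_machine(kmp: KeyManagementPlatform, new_request: dict) -> str:
    """Steps S5/S54: recover the card number, refusing tokens the KMP never recorded."""
    token = new_request["card_number"]
    rec = kmp.confirm(token)
    if rec is None:
        raise LookupError("ciphertext not found in key management platform; request rejected")
    tweak, fmt = rec
    pan = fpe_decrypt(kmp.fpe_key, tweak, token)
    if len(pan) != fmt["length"] or not pan.isdigit():
        raise ValueError("recovered value does not match the stored data format")
    return pan


if __name__ == "__main__":
    kmp = KeyManagementPlatform()
    kmp.register("merchant-001")
    # Constructed sample request; the card number is a made-up test value.
    req = {"platform_id": "merchant-001", "amount": "99.00", "card_number": "6222021234567890123"}
    new_req = first_fpe_machine(kmp, req)
    print("token:", new_req["card_number"])
    print("recovered:", second_fpe_machine(kmp, new_req))
```

Two design points the claims rely on are visible here: the token keeps the length and digit alphabet of the original, so the payment platform's downstream fields need no change, and the second machine only decrypts after the key management platform has matched the ciphertext against its stored records, so a token that was never issued (or was altered in transit) is rejected before any key material is applied. The same initial vector must be supplied at decryption time, which is why the platform stores it alongside the ciphertext and format.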

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410609081.5A CN104361489B (en) 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information

Publications (2)

Publication Number Publication Date
CN104361489A CN104361489A (en) 2015-02-18
CN104361489B true CN104361489B (en) 2018-01-09

Family

ID=52528747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410609081.5A Active CN104361489B (en) 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information

Country Status (1)

Country Link
CN (1) CN104361489B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295367A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Data ciphering method and device
CN106295366B (en) * 2016-08-15 2020-11-24 北京奇虎科技有限公司 Sensitive data identification method and device
CN109729063B (en) * 2018-05-14 2022-02-25 网联清算有限公司 Information processing method and information processing system applied to encryption machine
CN109543399B (en) * 2018-11-12 2022-12-23 中国联合网络通信有限公司重庆市分公司 Method for preventing second-generation ID card reader OCX control from being tampered
CN111553667A (en) * 2020-04-02 2020-08-18 中国银联股份有限公司 Transaction method, gateway device, payment platform, merchant device and transaction system
CN112769759B (en) * 2020-12-22 2021-10-26 北京深思数盾科技股份有限公司 Information processing method, information gateway, server and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018130A (en) * 2007-02-15 2007-08-15 物方恒德(北京)投资咨询有限公司 Finance business system and finance business processing method
CN101685512A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Computer, payment system and method thereof for realizing on-line payment
CN102592107A (en) * 2011-12-31 2012-07-18 成都天钥科技有限公司 Method, device and system for realizing commodity business on handheld terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Design of an Electronic Payment Platform Based on Multi-Terminal Access and Data Security" (《基于多种终端接入和数据安全的电子支付平台设计》); Zhou Weilin (周蔚林); China Master's Theses Full-text Database, Economics and Management Sciences series; 2012-05-15 (No. 05); Chapter 2, Fig. 2.6 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160310

Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4

Applicant before: Shanghai everybody Science and Technology Ltd.

GR01 Patent grant